What Brexit Will Mean For International Data Sharing

So the turkeys have voted for Christmas, and the UK is set to leave the EU in as little as two years’ time.

The ramifications – which will no doubt be reported widely across Forbes – are almost unimaginably enormous for those of us living here. I’m simply going to focus on what Brexit is likely to mean for international data sharing, given recent legislation around surveillance and privacy.

And it doesn’t look pretty.

More than three-quarters of the UK’s economy is based on services, and much of that involves the transfer of data. Digital industries represent 10 per cent of Britain’s GDP. And while the UK has historically been seen by many multinationals as a gateway to Europe, that’s a gateway that could now be slammed shut.

While many Brexiteers cited European red tape as justification for a vote to leave, the fact is that the UK will still have to comply with European data regulations if it wants to carry on any sort of business as usual.

Under the EU’s new General Data Protection Regulation (GDPR), transferring personal data from the EU to locations outside the European Economic Area (EEA) is prohibited unless there is adequate data protection in place.

There has been talk of a post-Brexit UK joining the EEA, alongside other non-EU members Iceland, Lichtenstein and Norway. However, EEA membership entails allowing the free movement of people across borders, objections to which have been central to the Brexit campaign throughout. EEA membership, in short, looks highly unlikely.

The alternative is for the UK to negotiate an independent deal with the EU similar to Privacy Shield, which governs data transfer between the EU and the US, and which replaced Safe Harbour earlier this year.

This, though, won’t be easy. The European Commission has already expressed concerns that the UK Data Protection Act 1998 doesn’t fully implement EU privacy rules; and with the Investigatory Powers Bill set to come into force in the UK later this year, privacy will be weakened even further – making EU acceptance even less likely.

And if data transfer between the UK and the EU is restricted, this will, of course, affect translatlantic data transfer to and from the UK, and all the trade that goes with it.

Post-Brexit Britain may still have to abide by EU data laws. (Photo: Ben Stansall/AFP/Getty Images)

While many criticized Privacy Shield as hasty, weak and scrappily written, it at least created a framework allowing US companies to carry on trading normally with the EU. A huge amount of this trade was carried out via the UK.

However, Brexit puts all this in doubt – and US businesses are unlikely to hang around waiting for the UK to get its act together. Instead, they’ll want to protect themselves.

As Emily Taylor, associate fellow for international security at think-tank Chatham House points out, the abolition of Safe Harbour prompted many US cloud providers to start offering guaranteed hosting in the EU to be on the safe side.

“During the uncertain period following the referendum, international providers are likely to move data out of the UK in a similar way,” she says.

“Meanwhile UK companies, rather than enjoying a reduction in Brussels red tape after Brexit, would still be bound by EU regulations when handling the data of EU citizens, as well as facing barriers to data transfer.”

And the US is hardly likely to sign an independent data sharing deal with the UK quickly enough to prevent this exodus from taking place.

The UK Information Commissioner’s Office is extremely concerned, and is calling on the government to get its data protection rules in line with the EU.

“If the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018,” says a spokesman.

“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary.”

Ironically, of course, as an EU member the UK had some say over EU data protection laws. In future, if it wants to trade with the EU or even with the US, it may still have to conform with those laws – it just won’t be helping to write them any more.

This article was written by Emma Woollacott from Forbes and was legally licensed through the NewsCred publisher network.